return max_ver;
}
- bool need_new_secrets() {
+ bool need_new_secrets() const {
return secrets.size() < KEY_ROTATE_NUM;
}
- bool need_new_secrets(utime_t now) {
+ bool need_new_secrets(utime_t now) const {
return secrets.size() < KEY_ROTATE_NUM || current().expiration <= now;
}
p++;
return p->second;
}
+ const ExpiringCryptoKey& current() const {
+ map<uint64_t, ExpiringCryptoKey>::const_iterator p = secrets.begin();
+ p++;
+ return p->second;
+ }
ExpiringCryptoKey& next() {
return secrets.rbegin()->second;
}
class KeyStore {
public:
virtual ~KeyStore() {}
- virtual bool get_secret(EntityName& name, CryptoKey& secret) = 0;
- virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) = 0;
+ virtual bool get_secret(const EntityName& name, CryptoKey& secret) const = 0;
+ virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id,
+ CryptoKey& secret) const = 0;
};
static inline bool auth_principal_needs_rotating_keys(EntityName& name)
~CryptoNone() {}
int create(bufferptr& secret);
int validate_secret(bufferptr& secret);
- int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out);
- int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out);
+ int encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const;
+ int decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const;
};
-int CryptoNone::create(bufferptr& secret)
+int CryptoNone::
+create(bufferptr& secret)
{
return 0;
}
-int CryptoNone::validate_secret(bufferptr& secret)
+int CryptoNone::
+validate_secret(bufferptr& secret)
{
return 0;
}
-int CryptoNone::encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out)
+int CryptoNone::
+encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const
{
out = in;
return 0;
}
-int CryptoNone::decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out)
+int CryptoNone::
+decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const
{
out = in;
return 0;
~CryptoAES() {}
int create(bufferptr& secret);
int validate_secret(bufferptr& secret);
- int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out);
- int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out);
+ int encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const;
+ int decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const;
};
int CryptoAES::create(bufferptr& secret)
return 0;
}
-int CryptoAES::encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out)
+int CryptoAES::
+encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const
{
if (secret.length() < AES_KEY_LEN) {
dout(0) << "key is too short" << dendl;
return true;
}
-int CryptoAES::decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out)
+int CryptoAES::
+decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const
{
#ifdef USE_CRYPTOPP
const unsigned char *key = (const unsigned char *)secret.c_str();
return h->create(secret);
}
-int CryptoKey::encrypt(const bufferlist& in, bufferlist& out)
+int CryptoKey::encrypt(const bufferlist& in, bufferlist& out) const
{
CryptoHandler *h = ceph_crypto_mgr.get_crypto(type);
if (!h)
return h->encrypt(this->secret, in, out);
}
-int CryptoKey::decrypt(const bufferlist& in, bufferlist& out)
+int CryptoKey::decrypt(const bufferlist& in, bufferlist& out) const
{
CryptoHandler *h = ceph_crypto_mgr.get_crypto(type);
if (!h)
return h->decrypt(this->secret, in, out);
}
-void CryptoKey::print(ostream &out) const
+void CryptoKey::print(std::ostream &out) const
{
string a;
encode_base64(a);
out << a;
}
-void CryptoKey::to_str(string& s)
+void CryptoKey::to_str(std::string& s) const
{
int len = secret.length() * 4;
char buf[len];
int get_type() const { return type; }
utime_t get_created() const { return created; }
- void print(ostream& out) const;
+ void print(std::ostream& out) const;
int set_secret(int type, bufferptr& s);
bufferptr& get_secret() { return secret; }
+ const bufferptr& get_secret() const { return secret; }
void encode_base64(string& s) const {
bufferlist bl;
// --
int create(int type);
- int encrypt(const bufferlist& in, bufferlist& out);
- int decrypt(const bufferlist& in, bufferlist& out);
+ int encrypt(const bufferlist& in, bufferlist& out) const;
+ int decrypt(const bufferlist& in, bufferlist& out) const;
- void to_str(string& s);
+ void to_str(std::string& s) const;
};
WRITE_CLASS_ENCODER(CryptoKey);
virtual ~CryptoHandler() {}
virtual int create(bufferptr& secret) = 0;
virtual int validate_secret(bufferptr& secret) = 0;
- virtual int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) = 0;
- virtual int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) = 0;
+ virtual int encrypt(const bufferptr& secret, const bufferlist& in,
+ bufferlist& out) const = 0;
+ virtual int decrypt(const bufferptr& secret, const bufferlist& in,
+ bufferlist& out) const = 0;
};
void print(ostream& out);
// accessors
- bool get_auth(EntityName& name, EntityAuth &a) {
- if (keys.count(name)) {
- a = keys[name];
- return true;
- }
- return false;
+ bool get_auth(const EntityName& name, EntityAuth &a) const {
+ map<EntityName, EntityAuth>::const_iterator k = keys.find(name);
+ if (k == keys.end())
+ return false;
+ a = k->second;
+ return true;
}
- bool get_secret(EntityName& name, CryptoKey& secret) {
- if (keys.count(name)) {
- secret = keys[name].key;
- return true;
- }
- return false;
+ bool get_secret(const EntityName& name, CryptoKey& secret) const {
+ map<EntityName, EntityAuth>::const_iterator k = keys.find(name);
+ if (k == keys.end())
+ return false;
+ secret = k->second.key;
+ return true;
}
- void get_master(CryptoKey& dest) {
+ void get_master(CryptoKey& dest) const {
get_secret(g_conf.name, dest);
}
#define dout_prefix *_dout << "auth: "
-bool RotatingKeyRing::need_new_secrets()
+bool RotatingKeyRing::need_new_secrets() const
{
Mutex::Locker l(lock);
return secrets.need_new_secrets();
}
-bool RotatingKeyRing::need_new_secrets(utime_t now)
+bool RotatingKeyRing::need_new_secrets(utime_t now) const
{
Mutex::Locker l(lock);
return secrets.need_new_secrets(now);
dump_rotating();
}
-void RotatingKeyRing::dump_rotating()
+void RotatingKeyRing::dump_rotating() const
{
dout(10) << "dump_rotating:" << dendl;
- for (map<uint64_t, ExpiringCryptoKey>::iterator iter = secrets.secrets.begin();
+ for (map<uint64_t, ExpiringCryptoKey>::const_iterator iter = secrets.secrets.begin();
iter != secrets.secrets.end();
++iter)
dout(10) << " id " << iter->first << " " << iter->second << dendl;
}
-bool RotatingKeyRing::get_secret(EntityName& name, CryptoKey& secret)
+bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const
{
Mutex::Locker l(lock);
return keyring->get_secret(name, secret);
}
-bool RotatingKeyRing::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret)
+bool RotatingKeyRing::get_service_secret(uint32_t service_id, uint64_t secret_id,
+ CryptoKey& secret) const
{
Mutex::Locker l(lock);
return false;
}
- map<uint64_t, ExpiringCryptoKey>::iterator iter = secrets.secrets.find(secret_id);
+ map<uint64_t, ExpiringCryptoKey>::const_iterator iter =
+ secrets.secrets.find(secret_id);
if (iter == secrets.secrets.end()) {
dout(0) << "could not find secret_id=" << secret_id << dendl;
dump_rotating();
uint32_t service_id;
RotatingSecrets secrets;
KeyRing *keyring;
- Mutex lock;
+ mutable Mutex lock;
public:
RotatingKeyRing(uint32_t s, KeyRing *kr) :
keyring(kr),
lock("RotatingKeyRing::lock") {}
- bool need_new_secrets();
- bool need_new_secrets(utime_t now);
+ bool need_new_secrets() const;
+ bool need_new_secrets(utime_t now) const;
void set_secrets(RotatingSecrets& s);
- void dump_rotating();
- bool get_secret(EntityName& name, CryptoKey& secret);
- bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret);
+ void dump_rotating() const;
+ bool get_secret(const EntityName& name, CryptoKey& secret) const;
+ bool get_service_secret(uint32_t service_id, uint64_t secret_id,
+ CryptoKey& secret) const;
};
#endif
#undef dout_prefix
#define dout_prefix *_dout << "cephx keyserverdata: "
-bool KeyServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id)
+bool KeyServerData::get_service_secret(uint32_t service_id,
+ ExpiringCryptoKey& secret, uint64_t& secret_id) const
{
- map<uint32_t, RotatingSecrets>::iterator iter = rotating_secrets.find(service_id);
+ map<uint32_t, RotatingSecrets>::const_iterator iter =
+ rotating_secrets.find(service_id);
if (iter == rotating_secrets.end()) {
dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id) << " not found " << dendl;
return false;
}
- RotatingSecrets& secrets = iter->second;
+ const RotatingSecrets& secrets = iter->second;
// second to oldest, unless it's expired
- map<uint64_t, ExpiringCryptoKey>::iterator riter = secrets.secrets.begin();
+ map<uint64_t, ExpiringCryptoKey>::const_iterator riter =
+ secrets.secrets.begin();
if (secrets.secrets.size() > 1)
++riter;
return true;
}
-bool KeyServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id)
+bool KeyServerData::get_service_secret(uint32_t service_id,
+ CryptoKey& secret, uint64_t& secret_id) const
{
ExpiringCryptoKey e;
return true;
}
-bool KeyServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret)
+bool KeyServerData::get_service_secret(uint32_t service_id,
+ uint64_t secret_id, CryptoKey& secret) const
{
- map<uint32_t, RotatingSecrets>::iterator iter = rotating_secrets.find(service_id);
+ map<uint32_t, RotatingSecrets>::const_iterator iter =
+ rotating_secrets.find(service_id);
if (iter == rotating_secrets.end())
return false;
- RotatingSecrets& secrets = iter->second;
- map<uint64_t, ExpiringCryptoKey>::iterator riter = secrets.secrets.find(secret_id);
+ const RotatingSecrets& secrets = iter->second;
+ map<uint64_t, ExpiringCryptoKey>::const_iterator riter =
+ secrets.secrets.find(secret_id);
if (riter == secrets.secrets.end()) {
- dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id) << " secret " << secret_id
- << " not found; i have:" << dendl;
- for (map<uint64_t, ExpiringCryptoKey>::iterator iter = secrets.secrets.begin();
+ dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id)
+ << " secret " << secret_id << " not found; i have:" << dendl;
+ for (map<uint64_t, ExpiringCryptoKey>::const_iterator iter =
+ secrets.secrets.begin();
iter != secrets.secrets.end();
++iter)
dout(10) << " id " << iter->first << " " << iter->second << dendl;
return true;
}
-bool KeyServerData::get_auth(EntityName& name, EntityAuth& auth) {
- map<EntityName, EntityAuth>::iterator iter = secrets.find(name);
+bool KeyServerData::get_auth(const EntityName& name, EntityAuth& auth) const {
+ map<EntityName, EntityAuth>::const_iterator iter = secrets.find(name);
if (iter == secrets.end())
return false;
auth = iter->second;
return true;
}
-bool KeyServerData::get_secret(EntityName& name, CryptoKey& secret) {
- map<EntityName, EntityAuth>::iterator iter = secrets.find(name);
+bool KeyServerData::get_secret(const EntityName& name, CryptoKey& secret) const {
+ map<EntityName, EntityAuth>::const_iterator iter = secrets.find(name);
if (iter == secrets.end())
return false;
secret = iter->second.key;
return true;
}
-bool KeyServerData::get_caps(EntityName& name, string& type, AuthCapsInfo& caps_info)
+bool KeyServerData::get_caps(const EntityName& name, const string& type,
+ AuthCapsInfo& caps_info) const
{
caps_info.allow_all = false;
dout(10) << "get_caps: name=" << name.to_str() << dendl;
- map<EntityName, EntityAuth>::iterator iter = secrets.find(name);
+ map<EntityName, EntityAuth>::const_iterator iter = secrets.find(name);
if (iter == secrets.end())
return false;
dout(10) << "get_secret: num of caps=" << iter->second.caps.size() << dendl;
- map<string, bufferlist>::iterator capsiter = iter->second.caps.find(type);
+ map<string, bufferlist>::const_iterator capsiter = iter->second.caps.find(type);
if (capsiter != iter->second.caps.end()) {
caps_info.caps = capsiter->second;
}
return added;
}
-bool KeyServer::get_secret(EntityName& name, CryptoKey& secret)
+bool KeyServer::get_secret(const EntityName& name, CryptoKey& secret) const
{
Mutex::Locker l(lock);
return data.get_secret(name, secret);
}
-bool KeyServer::get_auth(EntityName& name, EntityAuth& auth)
+bool KeyServer::get_auth(const EntityName& name, EntityAuth& auth) const
{
Mutex::Locker l(lock);
return data.get_auth(name, auth);
}
-bool KeyServer::get_caps(EntityName& name, string& type, AuthCapsInfo& caps_info)
+bool KeyServer::get_caps(const EntityName& name, const string& type,
+ AuthCapsInfo& caps_info) const
{
Mutex::Locker l(lock);
return data.get_caps(name, type, caps_info);
}
-bool KeyServer::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id)
+bool KeyServer::get_service_secret(uint32_t service_id,
+ ExpiringCryptoKey& secret, uint64_t& secret_id) const
{
Mutex::Locker l(lock);
return data.get_service_secret(service_id, secret, secret_id);
}
-bool KeyServer::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id)
+bool KeyServer::get_service_secret(uint32_t service_id,
+ CryptoKey& secret, uint64_t& secret_id) const
{
Mutex::Locker l(lock);
return data.get_service_secret(service_id, secret, secret_id);
}
-bool KeyServer::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret)
+bool KeyServer::get_service_secret(uint32_t service_id,
+ uint64_t secret_id, CryptoKey& secret) const
{
Mutex::Locker l(lock);
return true;
}
-bool KeyServer::contains(EntityName& name)
+bool KeyServer::contains(const EntityName& name) const
{
Mutex::Locker l(lock);
return data.contains(name);
}
-void KeyServer::list_secrets(stringstream& ss)
+void KeyServer::list_secrets(stringstream& ss) const
{
Mutex::Locker l(lock);
- map<EntityName, EntityAuth>::iterator mapiter = data.secrets_begin();
+ map<EntityName, EntityAuth>::const_iterator mapiter = data.secrets_begin();
if (mapiter != data.secrets_end()) {
ss << "installed auth entries: " << std::endl;
ss << "\tkey: " << mapiter->second.key << std::endl;
- map<string, bufferlist>::iterator capsiter = mapiter->second.caps.begin();
+ map<string, bufferlist>::const_iterator capsiter =
+ mapiter->second.caps.begin();
for (; capsiter != mapiter->second.caps.end(); ++capsiter) {
- bufferlist::iterator dataiter = capsiter->second.begin();
+ // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet.
+ bufferlist *bl = const_cast<bufferlist*>(&capsiter->second);
+ bufferlist::iterator dataiter = bl->begin();
string caps;
::decode(caps, dataiter);
ss << "\tcaps: [" << capsiter->first << "] " << caps << std::endl;
return true;
}
-bool KeyServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl)
+bool KeyServer::get_rotating_encrypted(const EntityName& name,
+ bufferlist& enc_bl) const
{
Mutex::Locker l(lock);
- map<EntityName, EntityAuth>::iterator mapiter = data.find_name(name);
+ map<EntityName, EntityAuth>::const_iterator mapiter = data.find_name(name);
if (mapiter == data.secrets_end())
return false;
- CryptoKey& specific_key = mapiter->second.key;
+ const CryptoKey& specific_key = mapiter->second.key;
- map<uint32_t, RotatingSecrets>::iterator rotate_iter =
+ map<uint32_t, RotatingSecrets>::const_iterator rotate_iter =
data.rotating_secrets.find(name.get_type());
if (rotate_iter == data.rotating_secrets.end())
return false;
return true;
}
-bool KeyServer::_get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps_info)
+bool KeyServer::_get_service_caps(const EntityName& name, uint32_t service_id,
+ AuthCapsInfo& caps_info) const
{
string s = ceph_entity_type_name(service_id);
return data.get_caps(name, s, caps_info);
}
-bool KeyServer::get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps_info)
+bool KeyServer::get_service_caps(const EntityName& name, uint32_t service_id,
+ AuthCapsInfo& caps_info) const
{
Mutex::Locker l(lock);
return _get_service_caps(name, service_id, caps_info);
::decode(rotating_secrets, bl);
}
- void encode_rotating(bufferlist& bl) {
+ void encode_rotating(bufferlist& bl) const {
__u8 struct_v = 1;
::encode(struct_v, bl);
::encode(rotating_ver, bl);
::decode(rotating_secrets, iter);
}
- bool contains(EntityName& name) {
+ bool contains(const EntityName& name) const {
return (secrets.find(name) != secrets.end());
}
secrets.erase(iter);
}
- bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id);
- bool get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id);
- bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret);
- bool get_auth(EntityName& name, EntityAuth& auth);
- bool get_secret(EntityName& name, CryptoKey& secret);
- bool get_caps(EntityName& name, string& type, AuthCapsInfo& caps);
-
- map<EntityName, EntityAuth>::iterator secrets_begin() { return secrets.begin(); }
- map<EntityName, EntityAuth>::iterator secrets_end() { return secrets.end(); }
- map<EntityName, EntityAuth>::iterator find_name(EntityName& name) { return secrets.find(name); }
+ bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret,
+ uint64_t& secret_id) const;
+ bool get_service_secret(uint32_t service_id, CryptoKey& secret,
+ uint64_t& secret_id) const;
+ bool get_service_secret(uint32_t service_id, uint64_t secret_id,
+ CryptoKey& secret) const;
+ bool get_auth(const EntityName& name, EntityAuth& auth) const;
+ bool get_secret(const EntityName& name, CryptoKey& secret) const;
+ bool get_caps(const EntityName& name, const string& type, AuthCapsInfo& caps) const;
+
+ map<EntityName, EntityAuth>::iterator secrets_begin()
+ { return secrets.begin(); }
+ map<EntityName, EntityAuth>::const_iterator secrets_begin() const
+ { return secrets.begin(); }
+ map<EntityName, EntityAuth>::iterator secrets_end()
+ { return secrets.end(); }
+ map<EntityName, EntityAuth>::const_iterator secrets_end() const
+ { return secrets.end(); }
+ map<EntityName, EntityAuth>::iterator find_name(const EntityName& name)
+ { return secrets.find(name); }
+ map<EntityName, EntityAuth>::const_iterator find_name(const EntityName& name) const
+ { return secrets.find(name); }
// -- incremental updates --
class KeyServer : public KeyStore {
KeyServerData data;
- Mutex lock;
+ mutable Mutex lock;
int _rotate_secret(uint32_t service_id);
bool _check_rotating_secrets();
void _dump_rotating_secrets();
- int _build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info);
- bool _get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps);
+ int _build_session_auth_info(uint32_t service_id,
+ CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info);
+ bool _get_service_caps(const EntityName& name, uint32_t service_id,
+ AuthCapsInfo& caps) const;
public:
KeyServer();
bool generate_secret(CryptoKey& secret);
- bool get_secret(EntityName& name, CryptoKey& secret);
- bool get_auth(EntityName& name, EntityAuth& auth);
- bool get_caps(EntityName& name, string& type, AuthCapsInfo& caps);
- bool get_active_rotating_secret(EntityName& name, CryptoKey& secret);
+ bool get_secret(const EntityName& name, CryptoKey& secret) const;
+ bool get_auth(const EntityName& name, EntityAuth& auth) const;
+ bool get_caps(const EntityName& name, const string& type, AuthCapsInfo& caps) const;
+ bool get_active_rotating_secret(const EntityName& name, CryptoKey& secret) const;
int start_server();
void rotate_timeout(double timeout);
CryptoKey& service_secret, uint64_t secret_id);
/* get current secret for specific service type */
- bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& service_key, uint64_t& secret_id);
- bool get_service_secret(uint32_t service_id, CryptoKey& service_key, uint64_t& secret_id);
- bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret);
+ bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& service_key,
+ uint64_t& secret_id) const;
+ bool get_service_secret(uint32_t service_id, CryptoKey& service_key,
+ uint64_t& secret_id) const;
+ bool get_service_secret(uint32_t service_id, uint64_t secret_id,
+ CryptoKey& secret) const;
bool generate_secret(EntityName& name, CryptoKey& secret);
Mutex::Locker l(lock);
::decode(data, bl);
}
- bool contains(EntityName& name);
- void list_secrets(stringstream& ss);
- version_t get_ver() {
+ bool contains(const EntityName& name) const;
+ void list_secrets(stringstream& ss) const;
+ version_t get_ver() const {
Mutex::Locker l(lock);
return data.version;
}
data.add_rotating_secret(service_id, key);
}
*/
- void clone_to(KeyServerData& dst) {
+ void clone_to(KeyServerData& dst) const {
Mutex::Locker l(lock);
dst = data;
}
bool updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver);
- bool get_rotating_encrypted(EntityName& name, bufferlist& enc_bl);
+ bool get_rotating_encrypted(const EntityName& name, bufferlist& enc_bl) const;
- Mutex& get_lock() { return lock; }
- bool get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps);
+ Mutex& get_lock() const { return lock; }
+ bool get_service_caps(const EntityName& name, uint32_t service_id,
+ AuthCapsInfo& caps) const;
};
WRITE_CLASS_ENCODER(KeyServer);
}
template <typename T>
-int encode_encrypt_enc_bl(const T& t, CryptoKey& key, bufferlist& out) {
+int encode_encrypt_enc_bl(const T& t, const CryptoKey& key, bufferlist& out) {
bufferlist bl;
__u8 struct_v = 1;
::encode(struct_v, bl);
}
template <typename T>
-int decode_decrypt(T& t, CryptoKey key, bufferlist::iterator& iter) {
+int decode_decrypt(T& t, const CryptoKey key, bufferlist::iterator& iter) {
bufferlist bl_enc;
::decode(bl_enc, iter);
return decode_decrypt_enc_bl(t, key, bl_enc);
}
template <typename T>
-int encode_encrypt(const T& t, CryptoKey& key, bufferlist& out) {
+int encode_encrypt(const T& t, const CryptoKey& key, bufferlist& out) {
bufferlist bl_enc;
int ret = encode_encrypt_enc_bl(t, key, bl_enc);
if (ret < 0)
{
return (a.sec() > b.sec()) || (a.sec() == b.sec() && a.nsec() > b.nsec());
}
+inline bool operator<=(const utime_t& a, const utime_t& b)
+{
+ return !(operator>(a, b));
+}
inline bool operator<(const utime_t& a, const utime_t& b)
{
return (a.sec() < b.sec()) || (a.sec() == b.sec() && a.nsec() < b.nsec());
}
+inline bool operator>=(const utime_t& a, const utime_t& b)
+{
+ return !(operator<(a, b));
+}
inline bool operator==(const utime_t& a, const utime_t& b)
{
projects / ceph.git / commitdiff